package com.htgd.gardenexpo.utils;

import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * @author ：hejing
 * @date ：Created in 2022/2/25 15:30
 * @description：设置全局响应头
 * @modified By：`
 * @version: 1.0
 */
@Component
public class AddResponseHeaderFilter extends OncePerRequestFilter {
    //防止站点劫持
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse,
                                    FilterChain filterChain) throws ServletException, IOException {
        httpServletResponse.setHeader("Content-Security-Policy", "default-src 'self'; script-src 'self'; frame-ancestors 'self'; object-src 'none'");
//        httpServletResponse.setHeader("X-frame-options", "deny");
        httpServletResponse.setHeader("X-frame-options", "SAMEORIGIN");
        httpServletResponse.setHeader("X-Content-Type-Options", "nosniff");
        httpServletResponse.setHeader("X-XSS-Protection", "1");
        httpServletResponse.setHeader("Cache-Control", "no-store");
        httpServletResponse.setHeader("Pragma", "no-cache");
        httpServletResponse.setHeader("Strict-Transport-Security", "max-age=63072000; includeSubdomains; preload");
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }
}
